CVE-2008-3356

NONECVSS 0.0

0.0

verifydb in Ingres 2.6, Ingres 2006 release 1 (aka 9.0.4), and Ingres 2006 release 2 (aka 9.1.0) on Linux and other Unix platforms sets the ownership or permissions of an iivdb.log file without verifying that it is the application's own log file, which allows local users to overwrite arbitrary files by creating a symlink with an iivdb.log filename.

🔗 References (22)

cve@mitrehttp://labs.idefense.com/intelligence/vulnerabilities/display.php?id=731
cve@mitrehttp://secunia.com/advisories/31357
cve@mitrehttp://secunia.com/advisories/31398
cve@mitrehttp://securitytracker.com/id?1020613
cve@mitrehttp://www.ingres.com/support/security-alert-080108.php
cve@mitrehttp://www.securityfocus.com/archive/1/495177/100/0/threaded
cve@mitrehttp://www.securityfocus.com/bid/30512
cve@mitrehttp://www.vupen.com/english/advisories/2008/2292
cve@mitrehttp://www.vupen.com/english/advisories/2008/2313
cve@mitrehttps://exchange.xforce.ibmcloud.com/vulnerabilities/44177
cve@mitrehttps://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=181989
af854a3a-2127-422b-91ae-364da2661108http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=731
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/31357
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/31398
af854a3a-2127-422b-91ae-364da2661108http://securitytracker.com/id?1020613

Is Your Infrastructure Affected by CVE-2008-3356?

EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.

Start Free Scan →Browse All CVEs

CVE-2008-3356

📅 Published

🔄 Last Modified

🔗 References (22)

Dependency Blast Radius

Is Your Infrastructure Affected by CVE-2008-3356?